Penetration testing tutorial for service providers

Penetration testing provides a complete picture of your client's security posture. In this series of tips by SearchSecurityChannel expert Russell Dean Vines, ethical hackers learn how to sell their services, protect themselves from risk and conduct a penetration test.

A penetration test involves probing a computer system or network to identify and exploit vulnerabilities. It allows you to provide customers with a complete picture of their security posture by which you can measure the health of the network at future intervals. This series of tips by SearchSecurityChannel expert Russell Dean Vines explores the penetration testing process in detail. If you have questions about the process, submit them to Russell via our Ask the Expert feature.

TIP #1 ----------------------------------------------------------------------------------------------

An introduction to penetration testing and its legal implications for VARs and consultants
Learn the importance of conducting a penetration test and how to sell such a service to your clients. Also, learn how to protect yourself and your client from legal risks.

TIP #2 ----------------------------------------------------------------------------------------------

Reconnaissance: Footprinting, scanning and enumerating
The three pre-test phases of penetration testing – reconnaissance – help to create a complete picture of your client's security posture. Learn how to conduct footprinting, scanning and enumerating.

TIP #3 ----------------------------------------------------------------------------------------------

Ethical hacking tools and techniques
Penetration testers should use the same tools a malicious intruder would use to hack a network. Learn how to use information gathering, port scanning, vulnerability scanning and password cracking tools.

TIP #4 ----------------------------------------------------------------------------------------------

Big bad bugs
You may uncover a variety of vulnerabilities when conducting a penetration test of your client's network, but a few are more common than others. Learn how to identify Trojan horses, buffer overflows, SQL injection and cross-site scripting vulnerabilities.

TIP #5 ----------------------------------------------------------------------------------------------

Securing wireless access points
A thorough penetration test of today's networks should include wireless. Learn how to pen test and secure wireless LANs.

TIP #6 ----------------------------------------------------------------------------------------------

Social engineering, IDS and honey pots
There are three more tools hackers can use to learn about networks. Learn how to use social engineering, an intrusion detection system and honey pots as part of a penetration test.


About the author
Russell Dean Vines is a bestselling author, Chief Security Advisor for Gotham Technology Group, LLC, and former President of the RDV Group. His most recent book is
The CISSP and CAP Prep Guide, published by John S. Wiley and Sons.

Dig Deeper on Cybersecurity risk assessment and management